Building Public Trust [5]: Future solutions for health data sharing in

This wraps up my series of thoughts on ‘Building Public Trust’ since the NIB Bristol meeting on July 24th.

It has looked at how to stop chasing public trust and instead the need to become organisations that can be trustworthy [part 1]. What behaviours make an organisation trustworthy [part 2]. Why fixing the Type 2 opt out is a vital first step [part 3], and why being blinded by ‘the benefits’ is not the answer [part 4], but giving balanced and fair explanations of programme purposes, commissioning and research, is beneficial to communicate.

So I want to wrap up by suggesting how communications can be improved in content and delivery. Some ideas will challenge the current approach.

Here in part five: Future solutions, I suggest why aiming to “Build Public Trust” through a new communications approach may work better for the public than the past. I’ll propose communications on

  • Review content:  what would ethical, accurate content look like
  • Strengthen relationships for delivery: don’t attempt to rebuild trust where there is now none, but strengthen the channels that are already viewed by the public to be trustworthy
  • Rethink why you communicate and the plan for when: All communications need delivered through a conversation with real listening and action based upon it. Equal priority must be given to both a communications plan for today and for the future. It must set out a mechanism for future change communications now,  before the pathfinders begin
  • Since writing this, the Leeds area CCGs have released their ‘data sharing’ comms leaflet. I have reviewed this in detail and give my opinions as a case study.

NIB workstream 4, underpins the NHS digital future,  and aims to build and sustain public trust, delivering plans for consent based information sharing and assurance of safeguards. It focuses on 4 areas: governance and oversight, project risks, consent and genomics:

“The work will begin in 2015 and is expected to include deliberative groups to discuss complex issues and engagement events, as well as use of existing organisations and ways to listen. There will also be a need to listen to professional audiences.”  [NIB work stream 4] [ref 1]

Today’s starting point in trust, trust that enables two-way communication, could hardly be worse, with professionals and public audiences. Communications are packaged in mistrust:

“Relations between the doctors’ union and Health Secretary Jeremy Hunt hit a new low following his announcement in July that he was prepared to impose seven-day working on hospital doctors in England.” [BBC news, Aug 15, 2015]

There appears to be divided opinion between politicians and civil servants.

Right now, the Department of Health seems to be sabotaging its own plans for success at every turn.

What reason can there be for denying debate in the public domain of the very plans it says are the life blood of the savings central to the NHS future?

Has the Department learned nothing from the loss of public and professional trust in 2014?

And as regards the public in engagement work, Hetan Shah, executive director of the Royal Statistical Society said in 2014, “Our research shows a “data trust deficit”. In this data rich world, companies and government have to earn citizens’ trust in how they manage and use data – and those that get it wrong will pay the price.’ [RSS Data Trust Deficit, lessons for policymakers, 2014] [2]

Where do the NIB work stream discussions want to reach by 2020?

“The emergence of genomics requires a conversation about what kind of consent is appropriate by 2020. The work stream will investigate a strand of work to be led by an ethicist.” [NIB work stream 4]

Why is genomics here in workstream 4, when datasharing for genomics is with active consent from volunteers? Why will a strand of work be led by an ethicist for this, and not other work strands? Is there a gap in how their consent is managed today or in how consent is to be handled for genomics for the future? It seems to me there is a gap in what is planned and what the public is being told here. It is high time for an overdue public debate on what future today’s population-wide data sharing programme is building. Good communication must ensure there are no surprises.

The words I underlined from the work stream 4 paper, highlight the importance of communication; to listen and to have a conversation. Despite all the engagement work of 2014 I feel that is still to happen. As one participant summed up later, “They seem hell bent on going ahead. I know they listened, but what did they hear?” [3] pathfinder practices are apparently ready to roll out communications materials: “Extraction is likely to take place between September and November depending on how fair processing testing communications was conducted” [Blackburn and Darwen HW]

So what will patient facing materials look like in content? How will they be rolled out?

Are pathfinder communications more robust than 2014 materials?

I hope the creatives will also think carefully, what is the intent of communications to be delivered.  Is it to fully and ethically inform patients about their choice whether to accept or opt out from changes in their data access, management, use and oversight? Or is the programme guidance to minimise the opt out numbers?

The participants are not signing up to a one time, single use marketing campaign, but to a lifetime of data use by third parties. Third parties who remain in role and purposes, loosely defined.

It is important when balancing this decision not to forget that data  that is available and not used wisely could fail to mitigate risk; for example in identifying pharmaceutical harms.

At the same time to collect all data for all purposes under that ‘patient safety and quality’ umbrella theme is simplistic, and lends itself in some ways, to lazy communications.

Patients must also feel free and able to make an informed decision without coercion, that includes not making opting out feel guilty.

The wording used in the past was weighted towards the organisation’s preference.  The very concept of “data sharing” is weighted positively towards the organisation. Even though in reality the default is for data to be taken by the organisation, not donated by the citizen. In other areas of life, this is recognised as an unwilling position for the citizen to be in.

At the moment I feel that the scope of purposes both today and future are not clearly defined enough in communications or plans for me personally to be able to trust them. Withholding information about how digital plans will fit into the broader NHS landscape and what data sharing will mean beyond 2020 appears rightly or wrongly,  suspicious. Department of Health, what are you thinking?

What the organisation says it will do, it must do and be seen to do, to be demonstrably trustworthy.

This workstream carries two important strands of governance and oversight which now need to be seen to happen. Implementing the statutory footing of the National Data Guardian, which has been talked about since October 2014 and ‘at the earliest opportunity’ seems to have been rather long in coming, and ‘a whole system’ that respects patient choice. What will this look like and how will it take into account the granular level of choices asked for at listening events through 2014?

“By April 2016 NIB will publish, in partnership with civil society and patient leaders, a roadmap for moving to a whole-system, consent-based approach, which respects citizens’ preferences and objections about how their personal and confidential data is used, with the goal of implementing that approach by December 2020.”

‘By December 2020’ is still some time away, yet the pathfinders for rolls on now regardless. The proof that will demonstrate what was said about data use actually is what happens to data, that what is communicated is trustworthy, is part of a system that can communicate this by recording and sharing consent decisions, “and can provide information on the use to which an individual’s data has been put. Over the longer term, digital solutions will be developed that automate as far as possible these processes.”

Until then what will underpin trust to show that what is communicated is done, in the short term?

Future proofing Communications must start now

Since 2013 the NHS England approach appeared to want a quick data grab without long term future-proofed plans. Like the hook-up app approach to dating.

To enable the NIB 2020 plans and beyond, to safeguard research in the public interest, all communications must shape a trusted long term relationship.

To ensure public trust, communications content and delivery can only come after changes. Which is again why focusing only on communicate the benefits without discussing balance of risk does not work.  That’s what 2014 patient facing communications tried.

In 2014 there were challenges on communications that were asked but not answered, on reaching those who are digitally excluded, on reaching those for whom reading text was a challenge, and deciding who the target audience will be, considering people with delegated authority young and old, as well as those who go in and out of GP care throughout their lives, such as some military. Has that changed?

In February 2014 Health Select Committee member Sarah Wollaston, now Chair, said: “There are very serious underlying problems here that need to be addressed.”

If you change nothing, you can expect nothing to change in public and professional feeling about the programme. Communications cannot in 2015 simply revamp the layout and pacakging. There must be a change in content and in the support given in its delivery. Change means that you need to stop doing some things and start doing others.

In summary for future communications to support trust, I suggest:

1. STOP: delivering content that is biased towards what the organsation wants to achieve often with a focus on fair processing requirement, under a coercive veil of patient safety and research

START: communicating with an entirely ethical based approach reconsidering all patient data held at HSCIC and whether omission of  ‘commercial use’, balanced risks as identified in the privacy impact assessment and stating ‘your name is not included’ is right.  

2. STOP: Consider all the releases of health data held by HSCIC again and decide for each type if they are going to deliver public confidence that your organisations are trustworthy. 

START: communicate publicly which commercial companies, re-users and back office would no longer be legally eligible to receive data and why. Demonstrate organisations who received data in the past that will not in future.  

3. STOP: the Department of Health and NHS England must stop undermining trust in its own leadership, through public communications that voice opposition to medical professional bodies. Doctors are trusted much more than politicians.

START: strengthen the public-GP relationship that is already well trusted. Strengthen the GP position that will in turn support the organisational-trust-chain that you need to sustain public support. 

4. STOP: stop delaying the legislative changes needed on Data Guardian and penalties for data misuse 

START: implement them and clearly explain them in Parliament and press

5. STOP: don’t rush through short term short-cuts  to get ‘some’ data but ignore the listening from the public that asked for choice.

START: design a thorough granular consent model fit for the 21stC and beyond and explain to the public what it will offer, the buy in for bona fide research will be much greater (be prepared to define ‘research’!

6. STOP: saying that future practices have been changed and that security and uses are now more trustworthy than in the past. Don’t rush to extract data until you can prove you are trustworthy.

START: Demonstrate in future who receives data to individuals through a data use report. Who future users are in practice can only be shown through a demonstrable tool to see your word can be relied upon in practice. This will I am convinced, lower the opt out rate.

 Point 6 is apparently work-in-progress. [p58]

7. STOP: rolling out the current communications approach without any public position on what changes will mean they are notified before a new purpose and user in future of our data

START: design a thorough change communications model fit for the 21stC and beyond and tell the public in THIS round of communications what changes of user or purposes will trigger a notification to enable them to opt out in future BEFORE a future change i.e. in a fictional future – if the government decided that the population wide database should be further commercialised ‘for the purposes of health’, linked to the NHSBT blood donor registry and sold to genomic research companies, how would I as a donor be told, BEFORE the event?

There are still unknowns in content and future scope that mean communications are difficult. If you don’t know what you’re saying how to say it is hard. But what is certain is that there are future changes in the programme planned, and how to communicate these these with the public and professionals must be designed for now, so that what we are signed up for today, stays what we signed up for.

Delivering messages about data sharing and the broader NHS, the DH/NHS England should consider carefully their relationships and behaviours, all communication becomes relevant to trust.

Solutions cannot only be thought of in terms tools, not of what can be imposed on people, but of what can be achieved with people.

That’s people from the public and professionals and the programme working with the same understanding of the plans together, in a trusted long term relationship.

For more detail including my case study comments on the Leeds area CCGs comms leaflet, continue reading below.

Thanks for sharing in discussions of ideas in my five part post on Building public trust – a New Approach. Comments welcome.

If you change nothing, nothing will change.

Other professionals clearly feel as I do, that little of substance has changed in 18 months and public trust remains precarious: “patients, public and healthcare professionals must understand and trust the system. Building that trust is fundamental.” [Letter to the Guardian, 27 July 2015]

Given the starting point where the public levels of trust in the organisation and programme are low, given the content of communications hasn’t worked well to date to change critical opinions, and given the backlash in how it was to be carried out and communicated, I’d suggest not repeating the same.

There has been far too little patient involvement to date that has shaped the programme, despite Mr Kelsey often saying. “Putting the patient voice in the room is a really important part of the digital agenda.”

Those voices raised questions that remain to be answered. Communications need to decide whether to try and answer those questions in public up front, or in individual communications at the point of contact in any pre-extraction fair processing / opt out choice.

Content of previous communications I would argue tend towards the approach which tells the legal minimum but not the full picture.

Sir Nick Partridge in the past HSCIC audit [4] recognised that there is no scope for future surprises:

“The public simply will not tolerate vagueness about medical records that may be intensely private to them.” [Telegraph, June 2014]

If behaviours in the organisation are to increase trust then there must be complete honesty and openess about all the purposes and uses of data.

If the programme wants to change something (namely increase the level of trust the public and professionals have in the programme), they must make a change. This involves stopping doing some things and starting doing others.

Communications content: Ethical & Accurate or Tick Box Exercise?

How have communications changed since the patient leaflet and animation of spring 2014?

“Records are linked in a secure system so your identity is protected. Details that could identify you will be removed before your information is made available to others, such as those planning NHS services and approved researchers.” [Better Information means Better care leaflet, Spring 2014]

>> Purposes seem fluid, going from expanding to more, to missing some out. This web page now omits research purposes – which is correct?

>> The future roadmap left open the option for future waves to release identifiable data. This alone is surely a sound reason for excluding in any communications that info is de-personalised or that identifying data are removed.  That aside from the fact that most agree with the own privacy impact assessment [5] that there is risk of re-identification.

Secondly, HES and SUS data are released as fully identifiable [6], and may include name.  If the comms say we do not extract name, then patients are going to be very confused when contacted using it, if they opted out of GP record sharing (Type 1 objection) and materials made them think their name would not be sent to the HSCIC.

“We sometimes release confidential information to approved researchers, if this is allowed by law and meets the strict rules that are in place to protect your privacy.” [patient communications 2014]

Approval to use data without consent in bona fide research is managed with an ethical oversight panel. [7] But the public is largely unaware of their data being used without consent to date.  Secrecy or making the use of s251 seem less commonplace than it is, is not a strong foundation for the 2020 plan. The ‘sometimes’ type-wordng should be scrapped.

Remember, you’re trying to ensure the organisation is trustworthy, not just gets away with the minimum legal fair processing requirement.

What will the pathfinder Communications say?

In October 2014 communications creatives reviewed materials’ design apparently with selected ‘user groups’. New proposals published in January included different styles of approach to choose from. None appear to address concerns from the listening exercises that remain open.

I would like to see the focus on robust content, not pretty packaging.

thanksYes, packaging matters. Public reaction to communications will be driven by how questions are framed.

“Should private companies make a profit from your personal records?” is different from “Should organisations be able to use anonymous statistics to help find cures for children with cancer”.

At the same time, consider what is the brief for these communications?

I hope the creatives will also think carefully, what is their intent.  Is it to fully and ethically inform patients about the changes in data access, management, use and oversight or is their guidance to minimise the opt out numbers?

There should be an evidence base from existing data to know what is missing and what value will be created from specific new data gathered. What questions will we be able to answer in future, we cannot today?

Wording must enable patients to make an informed decision without coercion, which includes potential guilt. Opt out infers some negative  connotation of unwillingness  to play a role in supporting the service. Past leaflets did not provide a form, which was poor too.

Is it ethical to leave out the words ‘commercial use’ when the decision-making implications and ethical choices made by the commercial data user may be considerably different from those in the public interest? Would it pass fair processing and is “passing” the legal test good enough, or should we hope to see communications that deliver truly fair processing with full facts?

Is it ethical to describe data used as anonymous or de-personalised if it is extracted as identifiable unless people opt out? Data are in fact potentially identifiable given a set of circumstances as identified in the privacy impact assessment.

Is it ethical to say as past materials did, your name is not included?  “At no time,” really? Knowing that HSCIC holds names on the PDS system, yet patients do not? No communications to date have mentioned this and all its users. Is this failing legal fair processing?

Communications content and framing must not seek to address a minimum standard that gets past the immediate need for fair processing as a tick box exercise. Consent is only valid if given voluntarily and freely, without pressure or undue influence being exerted on the person either to accept or refuse.

Finally, what are people agreeing to when they decide not to opt out? Future scope changes are planned, expanding the HES dataset, expanding maternity data, including other GP practice items. This one time opt out cannot ethically be any sort of agreement to any and all future expansion of datasets. Mental health? Social care?  Sensitive conditions? Future scope content is fluid.
And who will use data?  As SCR just proved, the users of data can be expanded at will. At first for use in Emergency care only, by physicians only, now direct care records the Summary Care Record,  may be viewed by high street pharmacists and they have also been given access to DWP data. The scope of “who is a clinician” is fluid. The Paramedics role is changing today, will they access the Summary Care Record? In future, who will ‘count’ as an AQP? “Allied Health Professionals.” Will they access the Summary Care Record?
The mistake the SCR communications team has made is to think that no public communication was necessary for a scope expansion. To have done it once, where will they now draw the line?
The pubic have entrusted their confidential medical records for direct care by immediate medical staff treating them, ostensibly in emergency away from home situations. Stray far off this path  and risk losing public trust at your peril.

Communications content for all data uses, whether for direct or indirect care must be accurate, complete and ethical.  And all scope changes, whether in use (purpose expansion) or users (access expansion) must be communicated.

STOP: Consider all the uses of data again and really decide are they going to achieve public confidence that your organisations are trustworthy.

START: Demonstrate who received data in the past that would no longer.  If you change nothing, you can expect nothing to change in public and professional feeling about the programme.

There is nothing like scope creep to damage trust if who you said will access data changes and you’re not told.  [It also kills a project from a budget point of view.] Above all, what is said will be done must be honest and complete and be seen to be done.

Lastly, and equally important is to ensure that the right to opt out is clearly and fairly explained and unlike in 2014, some sort of form must be provided.

Currently GP practices around the country have a variety of forms and opt outs some covering SCR and GP data and HES/SUS data all in one form. Local programmes vary and cause confusion. But for example, even my own practice had the does inverted on their opt out form for a year.

How will these local variations be tested and yet a cookie-cutter, copy paste approach be evaluated to rollout at scale/ How will success be measured?

The IIGOP report on outlined in December 2014 asked a very sound question on page 8:

“What are the implications of using locally developed communications material (“co-production”) for subsequent national rollout ?”

Will these pathfinders test content as a pilot by its nature, for national rollout?

Or are they being tailored to the current reality of Type 2 opt out not working for example? They cannot accurately do both.

Will pathfinder communications scale to delivery to 60m people?

Have the tricky questions with certain groups been addressed, such as Gillick competency with children upwards of 10, concerns with foreign temporary resident details,  for the Forces staff in and out of regular GP care, as raised at the Mencap event in 2014?

Once the what of content is sorted out well, the how becomes easy. The problems arise when the content tries to short cut facts that are misleading on security, or commercial use for example. Or secondary uses that are left out completely from communications, like Home Office access to hospital data.

I for one want to see this issue debated, if it is not raised by NHS England and the communications teams. They must address communication of future scope changes now. Why tell us about any of today’s scope of purposes and users at all if it is incomplete and there is no intention to tell us about changes?

You may not want to set them all in stone, fine. But there needs to be a process in place for when they are agreed, how they will be communicated, and who pays for it.

Tell me it has been budgeted for, right? Otherwise CCGs and GPs, I’d ask now. Nothing is certain, except change. Future scope changes are planned. How will they be communicated and who pays for that ongoing update process?

Since I wrote this post, a local leaflet from the Leeds CCGs has been published on twitter. They have their own local care record, as well as national schemes on offer, so I’d say they made a decent attempt at explaining them all in one booklet. That said, there are some things that need fixed:

  1. p.6 Q: “Do I have to have a summary care record? A: “Yes. Your GP will have informed you at the time by letter which contained details about your choices and how to opt out of the scheme.”  The correct answer is no, as you may choose not to. You do NOT have to have a summary care record. It is not a requirement. This is wrong.If it’s not, more questions need asked. Could this mean this data is extracted nationally for everyone regardless of SCR opt out, and there is in fact only a read permission created which can be opted out from? You don’t opt out from the extraction, you ‘have to have’ an electronic record stored at HSCIC but you can choose to stop making it accessible for those with SCR read permission? If so, urgent explanation is needed, cos everyone else in the country explains this wrongly.And in terms of wording, ‘at the time’ doesn’t seem related to anything?
  2. p.5 – now that this has been opened up to pharmacists for everyday use, and without informing patients of the change, this statement of when the record may be accessed is out of date, and is misleading: “essential information about you anywhere in the country, so that you can be given safe treatment during an emergency or when your GP surgery is closed. and repeats; “when treating the person, especially as their GP surgery is likely to be closed.
  3. p.5 – I also find the whole public explanation of SCR problematic. Reality is if you are that seriously injured, there is not time to access a computer register of 60M people which requires precise knowledge of the person’a name and address for correct identification. ” Without the Summary Care Record, it would be difficult for A&E staff to find out if there are any important factors to consider treating the person, especially as their GP surgery is likely to be closed.” Reality is if someone has a serious allergy there are few A&E situations in which this would put them at more risk than the reason for their treatment. I’ve known someone wear something like this instead.  The SCR is a pharmaceutical record. Now used by pharmacists and if it is being opened for use to others, these users must be clearly explained.
  4. p.8  So to “GPs already record this information using a series of codes. Only this coded information will be collected.” This is misleading and needs fixed. Why add it at all to “In addition the information from your GP about prescriptions, referrals and diagnoses will also be collected.” Computers ‘only speak’ code. For example,  while you may say ‘opt out’ the system records  ‘9Nu4′ on your record. In addition, there will be a label programmed to go with it, so if GPs run a report to find everyone who has opted out, they can see both 9Nu4 somewhere on the report titled ‘opt out’, or the title of the search criteria will allow them to search for the text explanation [you don’t code a system for users that is 100% codes, no one can remember what they all are, people search by word terms, as well, not only for codes] . Secondly, it therefore insinuates that ‘only this coded information’ is somehow less identifying, is therefore wrong. It’s not hard to understand that MOTDOB is mother’s date of birth. There is a full public dictionary of these codes.What I suspect it may be trying to do, is say will not extract information from free text notes. However this means that the legal requirement of fair processing, requires re-notification when does in future extract free text from notes.
  5. p.2 – needs clarified – “Personalised care management, known also as population health management, pro-active care management or risk stratification, is a process that helps your family doctor (GP) manage your health.”
    What they have termed ‘personalised care’ and also known as risk stratification, is a secondary use of data and Indirect care – not direct, and I query whether this is locally done only by clinical staff rather than CCG / CSU? ” If so, it’s fine.If not, there are three sentences I ‘d suggest need reconsidered: “The information will only be seen by qualified health workers involved in your long term care.”  – “Only healthcare staff who are directly involved in your care can see your records” and  “Your GP regularly uses information from their records….”   surely this should read “your” records.The explanation of purposes must separate clearly direct care and indirect secondary use. This appears to conflate the two. It is also separated in its explanations in by colour and layout from both the Leeds Care Record and the  If this is because both will use data for risk stratification, then this is clearly wrong. is entirely secondary use of data.
  6. Something’s missing: where is the communication of sharing school nurse data and public health 0-5 maternity / child care to the Health and Social Care Information Centre? If this leaflet is to cover everything, there’s a significant chunk of information about data use for children missing.
  7. Something else is missing: “Once your information has been connected, the information that could identify you will be removed or reduced to make them less identifiable, for example, using age, instead of date of birth.” No where does this mention that the Personal Demographic Service at HSCIC holds name, DOB and other detail. Removed for but not from the set of other national databases about which, the public has no information.
  8. “Businesses that support the NHS to make services better” is quite a neat explanation of commercial use, but it is incomplete and I’m not sure that it is accurate. If Experian is granted data for use in mosaic it is not at all covered by this, as for example was done in summer 2014.  In addition, this does not cover re-use or Back Office uses at all not all of which, are “those who plan NHS services, researchers, medical charities and businesses.”
  9. Finally, opt out is still really unclear. “This opt out will include both local and national uses of your GP information and one of these is the programme.”  So does this opt out cover ‘local uses’ of my GP record, does that mean it’s not used in the Leeds Care Record and Personalised Care Plan listed on p 10?  And can I presume there is an opt out form provided for each of these programmes listed somewhere else?

It’s certainly not easy to explain lots of different uses and users of sometimes the same data being extracted for different reasons, in one leaflet even more so. Trying not to overload citizens with too much information, has to be balanced with what is a full and transparent explanation. But I worry that these explanations do not sufficiently detail who will be using our data. 

I also feel they explain well for those who already know a fair bit about the detail of patient data flows. For many it will be just long, wordy explanations which all sound rather similar.

I wonder why it is all done in words rather than a multiple data flow chart? Opt out would be more clearly explained graphically this way too, with a “want to share your records?” goes to “do nothing” button.  Whereas “I do not want this data used outside my GP practice” would lead to a “take action: fill in and return the form.”

The point of communication is to prove organisations are worthy of trust, not to get away with the legal minimum. 

How will communications be delivered? Where does trust work today and can we build on that channel?

If you want to change something (namely increase the level of trust the public and professionals have in the programme), you must make a change. This involves stopping doing some things and starting doing others.

After 18 months months, I wonder if NHS England and the DH may have already burned their boats on public trust for a great many people.

What does work or is easy to do today? Who are trusted?  The answer is GPs.

Just today, a recent survey published in the Independent showed a net trust in doctors of 80%+. Politicians? 16%. And believe me, NHS England, you know towards which end of the spectrum the Commissioning Board is perceived.

Patient – GPs have the most trusted relationship than other orgs and stakeholders involved in the programme

[Ref: Royal Statistical Society Data Trust Deficit , 2014 ]

41% have high trust in GPs. Only 13% trust the government as much. Only 11% of the population has a low trust in GPs compared with 49% that don’t trust government. 

GPs, the same people who stood up for confidentiality in 2014 and were ignored. The same professionals who are being criticised at every turn by those at the top of the organisational-trust-chain: by the Secretary of State, by Directors at NHS England and NIB.

When the Secretary of State, Jeremy Hunt MP says things about professionals like: ‘I will not allow @TheBMA to be a road block to reforms that save lives’  is really unhelpful – what does he think these professionals have gone into the medical vocation for?

 What is said and what happens seem worlds apart. I trust qualified medical professionals to understand what is needed to deliver good healthcare.

Do the public and medics trust the Secretary of State to do the same? 

“Mr Hunt’s success with Hotcourses came after a failed venture to import marmalade to Japan and after he set up a PR company.” [FT, 2014]

Political policy often suggests that the government is more interested in cutting cost than providing care where it is most needed. It doesn’t build trust.

The starting point of the public-organisation-trust-chain is the GP / clinician treating them. Current DH comments, attitudes and approach are damaging that relationship at its very starting point.

With it, they may be destroying the single best future channel for public-government trust in health, that could have been.

Is this intentional? If it is not, there needs to be an urgent change of course.

7 day working out of touch with patients claims the Department of Health? Not those who seek evidence based policy.  Which part of “unpopular with patients” did NHS Hambleton, Richmondshire and Whitby CCG get wrong?

To protect and build the organisational-trust-chain here is something you can stop doing:


To protect and build the organisational-trust-chain here is something you can start doing:


There was a vote by the BMA-LMC to which I didn’t ever see a public response from NHS England.

What does that say about their relationship if they appear not to be talking about these critical issues?

“NHS managers are issuing hundreds of contract breach notices to GP practices a year, with GP leaders warning some are ‘too ready to take punitive action’,” Pulse reported.

This is no way to run a health service and no way to build relationships that depend upon trust.

Let’s remember the key phrase in the NIB work stream 4: There will also be a need to listen to professional audiences.”  [NIB work stream 4] [ref 1]

That’s 1.4 M clinicians according to Mr.Kelsey at Bristol, and there’s more in the public who are sceptical of government intentions. So.

To build public trust in the organisational-trust-chain:

STOP: undermining trust in the Department of Health and NHS England, through the DH public criticism and opposition to medical professionals.

START: strengthen the public-GP relationship that is already well trusted.

Organizations that want individuals data must protect the point of gathering/release. The universal entry point is GPs. As proven time and time again – NPfIT, Connecing for Health, Healthspace – national orgs simply do not manage a national, unified tool and access point well – and for the public trusted human contact counts for a lot.  Even Tesco Clubcard signs up most people in stores with people to ask questions of, and help fill in the form.

Even if NHS England hopes one day to have a tool that bypasses GPs, such as a direct online sign up tool, a portal, the GP is always going to be the public first-point-of-contact for medical related questions.

To deny this or try to work round it is impossible. Even Egbot goes to his GP and talks about his diabetes app data and his Mum’s personal budget.

As the Wellcome Trust in April 2015 said: 

“the importance of building and maintaining trust and confidence among all stakeholder groups concerned – including researchers, institutions, ethical review boards and research participants – as a basis for effective data sharing cannot be overstated.

Someone in the morning at the Bristol NIB meeting, gave a local example of where trust was missing. They had a meeting with Monitor to talk about patient benefits and three solicitors had turned up.

I’d like to have made a suggestion in Bristol, not far from Brunel’s Clifton suspension bridge. He was a man of vision. A great engineer. But he was most proud, not of his technical capabilities, but of what he achieved with people.

While NIB discussions focused on finding a tool, they struggled. One regional CCG commissioner in IT wanted a card and online sign up at eighteen. I think there my point fell on deaf ears. A technology tool is not a solution.

Tools can enable solutions but are not of themselves going to provide solutions to changing behavioural values for long term relationships.

How are they going to achieve this in the future? For communications to become more trustworthy the organisational behaviour must change first.


“At the first suitable legislative opportunity, we will seek to place the role of the National Data Guardian on a statutory footing. In doing so, DH will consult on what powers the National Data Guardian should have and how those powers should be exercised.”
Well get on with it then. It’s been 18 months. Other laws get drafted and passed in days. The delay seems inexplicable, and again, not conducive to trust.

STOP: stop delaying the legislative changes needed

START: implement them and clearly explain them in Parliament.

But we changed Legislation, why didn’t Public Trust improve?
The Care Act legislative changes were insufficient to do so. Leaving commercial use loosely defined is shortsighted, and  not conducive to trust.
 Data was released from HES in July to Experian for use in mosaic. They are a commercial data broker. If that makes the definition of ‘purposes of health and social care’, then what will not?  Will this change?
Who all future users might be remains open as the Care Act 2014 clause is broadly defined. Jamie Reed MP said in the debate: ‘the new clause provides for entirely elastic definitions that, in practice, will have a limitless application.’

STOP: saying that legislation was changed and it would change access and that ‘purely commercial access’ would stop

START: publish the past users list and show which companies and users would no longer be eligible to receive data today and why

This will demonstrate a change. Change that can be seen.

Future proofing the public trust-chain maintenance

There is no public plan in place for ongoing relationship management.

That must change to be successful, and it can’t happen mid-way through dating in the pathfinder. People entering any relationship need trust from the outset.

The Programme / NHS England seems set on the “hook up app approach” with the public, when long term bona fide researchers are looking for a long term relationship.

Consent is not a one time check box.  At Bristol NIB meeting we discussed one idea further.

The proposal was for a licence that looks a bit like patient PKB,  in terms of starting to set up a health plan that would trigger a review with sign-up done at 18.

I raised concern with regards guidelines of Gillick competency and Fraser.

The different approach between IT tech person, clinician and public point-of-views to me was stark in that one minute of discussion. The tool could work, but first the approach to age and delegated authority must be decided with or without online support.

I remember classmates and friends, at my comprehensive school, 14 and 15 year old girls who never told anyone else of their GP visits. How is their confidentiality and trust to be safeguarded in

Elsewhere, the Human Tissue Authority at their annual meeting on July 14 focused on consent. On how patients and professionals may be involved in a positive two-way ‘conversation’, an exchange of knowledge and informed decision making.

Commercial solutions to this are being sought as exemplified in the iRights campaign supported by technology giants.

Baroness Kidron said: ‘people should also have the right to know who is holding or profiting from their information, what their information is being used for and whether it is being copied, sold or traded.’ [DM, 28 July 2015]

To enable what you need versus what every data user under the sun may want, you are going to have to offer granular consent.

Why the rush to grab data before this is thoroughly set out? Because European Data Protection is being strengthened to empower the individual? Because it’s already late in the competitive digital day to get this started?

STOP: don’t rush short term short cuts to access data.

START: design a thorough granular consent model fit for the 21stC and beyond and explain to the public what it will offer, the buy in for bona fide research will be much greater (be prepared to define ‘research’!)

Who all future users are in practice can only be shown through a demonstrable tool. Showing that what was promised about who will use data and why actually happened in practice. Deliver a tool that demonstrates this and shows your word can be relied upon in practise.

STOP: sharing data from those who have exercised their right to opt out

START: respecting the public and offer them a solution to the problem you have created – fix the type two opt out and deliver proof it works 

What lies ahead in the work stream 4? Going back to where we started:

“The emergence of genomics requires a conversation about what kind of consent is appropriate by 2020. The work stream will investigate a strand of work to be led by an ethicist.”

What kind of consent? Are there different kinds of consent or different purposes for which consent can be sought? This seems a politcally packaged sentence that means something else. So back to you DH and NIB.

After all, by definition despite all the posturing, is not a consent model. There is an assumption everyone opts in, You cannot assume consent.  Ultimately this precarious pillar on which has sought assent is still not a solid foundation.

While trust is built on a shaky foundation, the future of data sharing is unstable.

To wrap up my thoughts from the NIB meeting on Rebuilding Public Trust, I take you back to the seven suggestions I wanted to see change from the summary.

Create seven strong pillars upon which trust can be built.

1. Abstract ‘Public trust’ is not vital to the future of data sharing. Shift  focus from the public to your concrete data sharing practices being trustworthy and ensure all uses generate confidence.

2. Data-sharing is not vital to future-proof the NHS. Demonstrate how data will generate knowledge which cannot otherwise be found in what you do today in CPRD and commissioning, and what will be done with that business intelligence. Be specific.

3. A quick fix, hook up approach to ‘get the public’s data’, is not what you need. It’s not a tick box exercise. Deliver on promised governable oversight and long term future-proofed models .

4. Tech solutions do not create trust. Focus on human behaviour and understanding change, and find the tools to enable it afterwards.

5. Communications that tell the public ‘we know best, trust us’ will fail. Focus on demonstrating through action what the organisations have done to be trustworthy, demonstrating capability and accountability.

6. communications must have integrity and consistency. Be reliable. Say what you’ll do,  and do what you say and make it timely. (like Type 2 opt out and statutory footing)

7. This work does not exist in a vacuum. Being trustworthy is more than this.Treat professionals and public better and with more trust in NHS communications in general. Trust is not a tick box process, it has to be earned.

Change must be demonstrable.

If the DH has big plans, for example in public engagement in genomics, there is currently an impossibly wide gulf to leap from here to there.

Above all, the front line GPs are your professional bridge to the public. Think carefully about the what you are burning today. Think like Brunel did and discuss as he did in Bristol, not only technical solutions, not what can be imposed on people, but what can be achieved with people. That’s public and professionals together.

Public trust in data sharing must be solidly in place if it is to underpin future plans and be robust for the future. I hope a new approach to understanding public trust could help.


Part one: A seven step top line summary – What I’d like to see change addressing public trust in health data sharing for secondary purposes and why.

Part two: a New Approach is needed to understanding Public Trust – Trust is not a thing. Trust is not homogeneous. Trust  is nuanced even within the single relationship between one individual and another. It doesn’t exist in a vacuum.

Part three: Know where you’re starting from – Fixing what has already been communicated is vital before new communications get rolled out. Vital to content of your communications and vital for public trust and credibility.

Part four: Communicate the Benefits won’t work – For those interested in more in-depth reasons, I outline in part two why the communications approach is not working, why the focus on ‘benefits’ is wrong, and fixes.

Reference footnotes:

[1] NIB work stream 4 and  [1b] NHS England October 2014

[2] Royal Statistical Society Data Trust Deficit

[3] Public questions remain unanswered – what to do now? I know they listened, but what did they hear?

(4] HSCIC data releases PWC audit  and response  by Simon Denegri 

[5] Privacy Impact Assessment

[6] HSCIC Data release register

[7] Health data releases for research purposes – CAG decisions

[8] BMA LMC Vote 2014–bma

[9] Why Wanting a Better Care.Data is not Luddite:

[10] Talking to the public about using their data is crucial- David Walker, StatsLife

Caldicott Review 2: